[Reportbug-maint] Bug#878088: Bug#878088: reportbug: please inform security and lts teams about security update regressions

Nis Martensen nis.martensen at web.de
Sun Jan 28 00:01:49 UTC 2018


On 26-01-2018 15:45, Markus Koschany wrote:
> I am not convinced that the apt-cache method is more efficient than
> parsing the version string. I believe my method is simpler and it would
> catch the same potential candidates as your apt-cache idea. Manual
> intervention (answering a question) cannot be avoided unless the
> security team agrees to receive all bug reports against a version with a
> security update. I am absolutely sure that is not desired.

I agree that the question should be asked when the package version is a
security update.  What I am trying to achieve using the apt-cache method
(on top of the version string method) is to avoid asking the question
for "normal" package updates in stable.

Attached a new version of the is_security_update function. This could be
further refined by fetching the changelog from the package tracker if
the package version is not the installed one, but this is probably going
too far...

No idea how many of the stable package updates are usually normal bug
fix updates compared to the number of security updates. If updates are
almost all security updates, then we should definitely not do such
micro-optimization and go with your original approach.


> I favor my current patch because of the reasons I mentioned before. I
> can remove the sys.exit call? What else should be done?

"secversion[2]" should be "secversion.group(2)", right?  The former
variant did not work for me in a quick test.

Using an else clause may be more pythonic than my previous suggestion of
moving more stuff into the try block.

Reportbug has an "ewrite()" function that you can use for the warning
message.

Reportbug has a concept of user expertise levels.  Can the question be
skipped in novice mode?

Should reportbug incorporate a default version of the json file to fall
back to if the lookup fails? Reportbug is probably going to be updated
more often than the online version of the json file. An internal version
could also be updated regularly.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-utils-add-new-is_security_update-function.patch
Type: text/x-patch
Size: 3536 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/reportbug-maint/attachments/20180128/dd9f5591/attachment.bin>
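The two detection methods discussed in this message, parsing the version string and consulting apt-cache, as an added example. This is not the attached patch and not reportbug's own code: it assumes stable updates carry a "+deb<N>u<M>" suffix (shared by security uploads and point-release fixes), assumes the security archive can be recognised by the substrings in SECURITY_MARKERS, and feeds constructed `apt-cache policy` output rather than a real capture. The tri-state result is the point: only when the origin is known can the question to the reporter be skipped.

```python
import re
import subprocess

# Assumed suffix form for updates to a Debian stable release. Security uploads
# and point-release fixes look the same here, so the suffix alone cannot tell
# them apart; that is why the apt-cache lookup below is needed.
STABLE_UPDATE_RE = re.compile(r'^(?P<base>.+)\+deb(?P<release>\d+)u(?P<update>\d+)$')

# Assumed substrings that identify the security archive in an apt-cache policy
# source line (security.debian.org, "<suite>/updates", "<suite>-security").
SECURITY_MARKERS = ('security.debian.org', '/updates/', '-security/')


def parse_stable_update_version(version):
    """'1.1.0f-3+deb9u2' -> ('1.1.0f-3', 9, 2); None when there is no suffix."""
    m = STABLE_UPDATE_RE.match(version)
    if m is None:
        return None
    return m.group('base'), int(m.group('release')), int(m.group('update'))


def version_sources(policy_text, version):
    """Source lines listed under `version` in `apt-cache policy <pkg>` output.

    Version-table entries are "<version> <pin-priority>" (the installed one is
    prefixed with "***"); the source lines below each entry are
    "<pin-priority> <url-or-path> ...".
    """
    sources = []
    collecting = False
    for line in policy_text.splitlines():
        parts = line.strip().lstrip('*').split()
        if not parts:
            continue
        is_source = (parts[0].isdigit() and len(parts) >= 2
                     and ('://' in parts[1] or parts[1].startswith('/')))
        if is_source:
            if collecting:
                sources.append(' '.join(parts[1:]))
            continue
        # Any other line starts a new version entry (or a header line) and
        # ends the previous one.
        collecting = len(parts) == 2 and parts[1].isdigit() and parts[0] == version
    return sources


def is_security_update(version, policy_text=None):
    """True  -> version is served from the security archive
    False -> no stable-update suffix, or served only by the main archive
    None  -> stable-update suffix but origin unknown; the caller should ask."""
    if parse_stable_update_version(version) is None:
        return False
    if policy_text is None:
        return None
    archive = [s for s in version_sources(policy_text, version) if '://' in s]
    if not archive:
        # e.g. a superseded version known only from /var/lib/dpkg/status,
        # or a version that is not the installed one at all.
        return None
    return any(marker in s for s in archive for marker in SECURITY_MARKERS)


def apt_cache_policy(package):
    """Run `apt-cache policy <package>` for real use; None if unavailable."""
    try:
        proc = subprocess.run(['apt-cache', 'policy', package],
                              capture_output=True, text=True, check=False)
    except OSError:
        return None
    return proc.stdout or None


# Constructed sample (not captured from a real system): the installed version
# comes from the security archive.
SAMPLE_SECURITY_POLICY = """\
libfoo1:
  Installed: 1.1.0f-3+deb9u2
  Candidate: 1.1.0f-3+deb9u2
  Version table:
 *** 1.1.0f-3+deb9u2 500
        500 http://security.debian.org/debian-security stretch/updates/main amd64 Packages
        100 /var/lib/dpkg/status
     1.1.0f-3 500
        500 http://deb.debian.org/debian stretch/main amd64 Packages
"""

# Constructed sample: same suffix form, but a point-release update served only
# by the main archive, so the security teams should not be bothered.
SAMPLE_POINT_RELEASE_POLICY = """\
bar:
  Installed: 2.0-1+deb9u1
  Candidate: 2.0-1+deb9u1
  Version table:
 *** 2.0-1+deb9u1 500
        500 http://deb.debian.org/debian stretch/main amd64 Packages
        100 /var/lib/dpkg/status
"""

if __name__ == '__main__':
    print(is_security_update('1.1.0f-3+deb9u2', SAMPLE_SECURITY_POLICY))      # True
    print(is_security_update('2.0-1+deb9u1', SAMPLE_POINT_RELEASE_POLICY))    # False
    print(is_security_update('1.1.0f-3+deb9u1', SAMPLE_SECURITY_POLICY))      # None
```

A `None` result is the case the message leaves open: the reported version is not the installed one (or has been superseded in the archive), so neither the suffix nor apt-cache can settle it and reportbug would still have to ask.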
